A few more words about sysdig.
As I mentioned in my previous post, you can write scripts for sysdig in Lua, called chisels (similar mechanisms are also present in SystemTap and DTrace). But I forgot to mention that some chisels already come bundled with sysdig. To view the list of chisels, run sysdig with the -cl flag:
root@ubuntu:~# sysdig -cl

Category: CPU Usage
-------------------
topprocs_cpu      Top processes by CPU usage

Category: I/O
-------------
echo_fds          Print the data read and written by processes.
fdbytes_by        I/O bytes, aggregated by an arbitrary filter field
fdcount_by        FD count, aggregated by an arbitrary filter field
iobytes           Sum of I/O bytes on any type of FD
iobytes_file      Sum of file I/O bytes
stderr            Print stderr of processes
stdin             Print stdin of processes
stdout            Print stdout of processes
topfiles_bytes    Top files by R+W bytes
topfiles_time     Top files by time
topprocs_file     Top processes by R+W disk bytes

Category: Net
-------------
iobytes_net       Show total network I/O bytes
spy_ip            Show the data exchanged with the given IP address
spy_port          Show the data exchanged using the given IP port number
topconns          top network connections by total bytes
topports_server   Top TCP/UDP server ports by R+W bytes
topprocs_net      Top processes by network I/O

Category: Performance
---------------------
bottlenecks       Slowest system calls
topscalls         Top system calls by number of calls
topscalls_time    Top system calls by time

Category: Security
------------------
spy_users         Display interactive user activity

Category: errors
----------------
topfiles_errors   top files by number of errors
topprocs_errors   top processes by number of errors

Use the -i flag to get detailed information about a specific chisel
To get help on a specific chisel, use the -i flag:
root@ubuntu:~# sysdig -i topprocs_cpu

Category: CPU Usage
-------------------
topprocs_cpu      Top processes by CPU usage

Use the -i flag to get detailed information about a specific chisel

Given two filter fields, a key and a value, this chisel creates and renders to the screen a table.
Args:
(None)
You can run chisel scripts using the -c flag.
Of course, you can combine chisels with filters:
root@ubuntu:~# sysdig -A -c echo_fds proc.name=sshd
------ Write 4.05KB to 192.168.152.1:7588->192.168.152.133:22
i>g}q xAyl (g'`.{@Hp?;4VSFV|1=O? m?1S R [L^xzcX~ aqn*5o+#e |>KemR'4a\";,?$UgLco K7bip8lANHLIC2M,6<[u\"Qp-2%rFEVZI?aD?}1\"x%9L}}CVLe]>o?\":QY%%q K/MVpy^BTT/WR[]d`)^ '$Td2p63;x2;T3:n,%iOLFDP4>V SM!vK[Rcs$|pk]xKn[!e{4mft%)J:lH]W[ d]2}B!@zS?q\"YgljYYyR~8|u^
You can also check out a very interesting article on the sysdig blog: Using sysdig to explore I/O with the “fdbytes_by” chisel
For example, you can very easily get the top file activity by directory:
root@ubuntu:~# sysdig -c fdbytes_by fd.directory "fd.type=file"
Bytes     fd.directory
------------------------------
Bytes     fd.directory
------------------------------
1.14KB    /var/log/
76B       /dev/
Bytes     fd.directory
------------------------------
104B      /dev/
Bytes     fd.directory
------------------------------
83B       /dev/
Bytes     fd.directory
------------------------------
83B       /dev/
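The chisel prints a fresh table on every refresh interval, so the totals for a whole run are spread over many small tables. The Python script below is an added example, not part of the original post or of sysdig: it folds the per-interval tables into one ranking per key. The function names and the accepted size suffixes (B, KB, M, G, T, read as multiples of 1024) are assumptions.

```python
import re
import sys
from collections import defaultdict

# Constructed sample mirroring the fdbytes_by output shown above.
SAMPLE = """\
Bytes     fd.directory
------------------------------
Bytes     fd.directory
------------------------------
1.14KB    /var/log/
76B       /dev/
Bytes     fd.directory
------------------------------
104B      /dev/
Bytes     fd.directory
------------------------------
83B       /dev/
Bytes     fd.directory
------------------------------
83B       /dev/
"""

# Assumption: suffixes are binary multiples; "K"/"KB", "M"/"MB" etc. are both accepted.
UNITS = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3, "T": 1024**4}
# A data row is "<number><unit> <key>"; header and separator lines do not match.
ROW = re.compile(r"^\s*(\d+(?:\.\d+)?)([KMGT]?)B?\s+(\S.*?)\s*$")

def parse_size(number, unit):
    """Convert a printed size to bytes (approximate: the chisel rounds to 2 decimals)."""
    return round(float(number) * UNITS[unit])

def total_by_key(text):
    """Sum the byte counts of every interval table, grouped by the key column."""
    totals = defaultdict(int)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            totals[m.group(3)] += parse_size(m.group(1), m.group(2))
    return dict(totals)

def top(text, n=10):
    """Return the n keys with the most bytes as (key, bytes) pairs, largest first."""
    return sorted(total_by_key(text).items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    # Pipe saved chisel output in on stdin, or run without input to use the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for key, size in top(data):
        print(f"{size:>12}  {key}")
```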